U.K. cybersecurity vendor Sophos today unveiled a new cross-operational unit it said is designed to help organizations better defend against constantly changing and increasingly complex cyberattacks.
Known as Sophos X-Ops, the initiative involves three groups – SophosLabs, Sophos SecOps, and Sophos AI – that combined will result, the company said, in more innovative protection, detection and response capabilities.
Joe Levy, the company’s chief technology officer, said, “Modern cybersecurity is becoming a highly interactive team sport, and as the industry has matured, necessary analysis, engineering, and investigative specializations have emerged.
“Scalable end-to-end operations now need to include software developers, automation engineers, malware analysts, reverse engineers, cloud infrastructure engineers, incident responders, data engineers and scientists, and numerous other experts, and they need an organizational structure that avoids silos.”
In a media alert, the company likened the initiative to an “emergency room team for cybersecurity. A severe injury might require a heart surgeon, a nurse, and an emergency medicine specialist. Each has their own unique capabilities, but only working together can they stop the blood flow and save the patient.”
SophosLabs, which has existed for more than 20 years, is made up of 250+ researchers around the world who investigate new malware. SecOps is built around the company’s Managed Threat Response (MTR) service, formed in 2019. Sophos AI was formed five years ago when the company purchased Invincea, an anti-malware software firm that specializes in machine learning.
The company, said Levy, has unified three “globally recognized and mature teams within Sophos to provide this breadth of critical subject matter and process expertise.
“Joined together as Sophos X-Ops, they can leverage the strengths of each other, including analysis of worldwide telemetry from more than 500,000 customers, industry-leading threat hunting, response and remediation capabilities, and rigorous artificial intelligence to measurably improve threat detection and response.
“Attackers are often too organized and too advanced to combat without the combined expertise and operational efficiency of a joint task force like Sophos X-Ops.”
In an interview with IT World Canada, he said that something well known within intelligence communities for years is that “we often have access to information that could be helpful, but we do not always have the right communication structures to put that information to good use.
“The metaphor of the emergency room works really, really well. Ultimately what we are trying to do is come up with the most efficient model to be able to detect and respond to threats.”
A release from Sophos references a speech in March from FBI Director Christopher Wray on the importance of partnering with the private sector to counter the cyber threat.
“What partnership lets us do is hit our adversaries at every point, from the victims’ network back all the way to the hackers’ own computers, because when it comes to the FBI’s cyber strategy, we know trying to stand in the goal and block shots isn’t going to get the job done,” said Wray.
“We’re disrupting three things: the threat actors, their infrastructure, and their money. And we have the most durable impact when we work with all of our partners to disrupt all three together.”
Sophos said the X-Ops team is taking a similar approach. This includes gathering and operating on threat intelligence from its own multidisciplinary groups to help stop attackers earlier and working with law enforcement to neutralize attacker infrastructure.
“While Sophos’ internal teams already share information as a matter of course, the formal creation of Sophos X-Ops drives forward a faster, more streamlined process necessary to counter equally fast-moving adversaries,” it said.
Meanwhile, the company today also issued details about the team’s first formal victory involving the prevention of attacks on Microsoft SQL servers.
Sophos X-Ops, it said, identified and thwarted the attacks because the teams combined their respective knowledge of the incidents, jointly analyzed them, and took action to quickly contain and neutralize their adversaries.
Levy described the breakthrough as an example of how “certain problems are best solved with a structure like what we are describing with Sophos X-Ops.
“It is illustrative of the kind of collaboration that was necessary in order to detect, analyze, respond and then disseminate that information as a form of protection to our customers.”
As for pricing information, the company issued the following statement earlier today: “The benefits of Sophos X-Ops are automatically inherent in all of Sophos’ products and services, and feeds we provide through OEM agreements.
“All of Sophos’ customers are Sophos X-Ops customers, meaning all Sophos customers benefit from the cross-operational approach of Sophos X-Ops.”